hallo ich hab einen trojanischen pferd auf meinem rechner den ich nicht weg bekomme, hijack brachte nichts.
bin erst auf "NONE OF THE ABOVE, JUST START THE PROGRAMM danach auf SCAN und anschliessend auf SAVE LOG....!

Mein HijackThis-File:

Logfile of HijackThis v1.99.1
Scan saved at 18:13:27, on 18.03.2007
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\MSN Messenger\msnmsgr.exe
C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\AOL 9.0\waol.exe
C:\Programme\AOL 9.0\shellmon.exe
C:\Programme\Gemeinsame Dateien\Aol\aoltpspd.exe
C:\Programme\MSN Messenger\usnsvc.exe
C:\Programme\Internet Explorer\IEXPLORE.EXE
C:\Programme\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Dokumente und Einstellungen\JayJay\Lokale Einstellungen\Temp\Temporäres Verzeichnis 5 für hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer bereitgestellt von AOL
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: CIEPl Object - {02E60F0E-0497-4F6D-9214-39335A631A70} - C:\WINDOWS\system32\mcconfig.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [DllRunning] rundll32.exe "C:\WINDOWS\System32\meofrasu.dll",setvm
O4 - HKCU\..\Run: [msnmsgr] "C:\Programme\MSN Messenger\msnmsgr.exe" /background
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - h**p://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - h**p://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{9F04EE1C-B24B-46F7-80F7-0A4746BFC301}: NameServer = 205.188.146.145
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: mcconfig - C:\WINDOWS\SYSTEM32\mcconfig.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe
O23 - Service: ASUS Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

kann mir denn jemand helfen was ich tun soll???

danke
gruss
jayjay

1. Ruhe bewahren
2. Wo wohnst Du ? bzw. Wohnst Du in Amerika und hast AOL als internetanbieter?
3. lade auf http://www.virustotal.com/en/indexf.html folgende datei hoch:
C:\WINDOWS\System32\meofrasu.dll
C:\WINDOWS\system32\mcconfig.dll

installiere zusätzlich noch das service pack 2 uNd aktuelle windows-updates!

@ dsl2000
1. okay
2. bin aus deutschland, ja aol ist mein anbieter "leider"
3. ich lade gerade beide datei hoch

@ Ariczzz
wo finde ich denn das servic pack 2 und mir sagten einige leute dass ich damit probleme bekommen könnte:...?

falls ihr es benötigt.
folgendes bei
C:\WINDOWS\System32\meofrasu.dll

STATUS: FINISHEDComplete scanning result of "meofrasu.dll_", received in VirusTotal at 03.18.2007, 19:13:12 (CET).

Antivirus Version Update Result
AhnLab-V3 2007.3.17.0 03.16.2007 no virus found
AntiVir 7.3.1.43 03.17.2007 TR/Dldr.ConHook.Gen
Authentium 4.93.8 03.17.2007 no virus found
Avast 4.7.936.0 03.16.2007 no virus found
AVG 7.5.0.447 03.18.2007 Generic3.KKM
BitDefender 7.2 03.18.2007 no virus found
CAT-QuickHeal 9.00 03.15.2007 no virus found
ClamAV 0.90.1 03.18.2007 no virus found
DrWeb 4.33 03.18.2007 BackDoor.Iterator
eSafe 7.0.14.0 03.16.2007 Suspicious Trojan/Worm
eTrust-Vet 30.6.3486 03.16.2007 no virus found
Ewido 4.0 03.18.2007 no virus found
FileAdvisor 1 03.18.2007 no virus found
Fortinet 2.85.0.0 03.18.2007 no virus found
F-Prot 4.3.1.45 03.17.2007 no virus found
F-Secure 6.70.13030.0 03.18.2007 Packed.Win32.Klone.j
Ikarus T3.1.1.3 03.18.2007 no virus found
Kaspersky 4.0.2.24 03.18.2007 Packed.Win32.Klone.j
McAfee 4986 03.16.2007 no virus found
Microsoft 1.2306 03.18.2007 no virus found
NOD32v2 2125 03.18.2007 no virus found
Norman 5.80.02 03.16.2007 W32/Vundo.gen7
Panda 9.0.0.4 03.18.2007 no virus found
Prevx1 V2 03.18.2007 no virus found
Sophos 4.15.0 03.13.2007 no virus found
Sunbelt 2.2.907.0 03.16.2007 no virus found
Symantec 10 03.18.2007 no virus found
TheHacker 6.1.6.076 03.15.2007 Trojan/Klone.j
UNA 1.83 03.16.2007 no virus found
VBA32 3.11.2 03.18.2007 no virus found
VirusBuster 4.3.7:9 03.18.2007 no virus found


Aditional Information
File size: 267284 bytes
MD5: 6371322a5544d4c6133daf364158bf47
SHA1: fb457a95e8d97ead2a0294496a3ecd9806083348
packers: MORPHINE
packers: Morphine

VirusTotal is a free service offered by Hispasec Sistemas. There are no guarantees about the availability and continuity of this service. Although the detection rate afforded by the use of multiple antivirus engines is far superior to that offered by just one product, these results DO NOT guarantee the harmlessness of a file. Currently, there is not any solution that offers a 100% effectiveness rate for detecting viruses and malware.

das ist schonmal ein virus^^
versuche, die datei zulöschen. falls das nicht funktioniert, lade dir avenger(siehe signatur) und kopiere rein:

Files to delete:
C:\WINDOWS\System32\meofrasu.dll

das service pack 2 gibts hier:
http://www.chip.de/downloads/c1_downloads_13012933.html
die probleme können auftreten, sollte man aber in kauf nehmen..

und das bei C:\WINDOWS\system32\mcconfig.dll

STATUS: FINISHEDComplete scanning result of "mcconfig.dll", received in VirusTotal at 03.18.2007, 19:24:44 (CET).

Antivirus Version Update Result
AhnLab-V3 2007.3.17.0 03.16.2007 no virus found
AntiVir 7.3.1.43 03.17.2007 TR/Agent.CS.8
Authentium 4.93.8 03.17.2007 no virus found
Avast 4.7.936.0 03.16.2007 no virus found
AVG 7.5.0.447 03.18.2007 Generic3.GQO
BitDefender 7.2 03.18.2007 Trojan.Agent.ANX
CAT-QuickHeal 9.00 03.15.2007 Trojan.Agent.cs
ClamAV 0.90.1 03.18.2007 no virus found
DrWeb 4.33 03.18.2007 Trojan.Virtumod
eSafe 7.0.14.0 03.16.2007 Suspicious Trojan/Worm
eTrust-Vet 30.6.3486 03.16.2007 no virus found
Ewido 4.0 03.18.2007 no virus found
FileAdvisor 1 03.18.2007 no virus found
Fortinet 2.85.0.0 03.18.2007 no virus found
F-Prot 4.3.1.45 03.17.2007 no virus found
F-Secure 6.70.13030.0 03.18.2007 Trojan.Win32.Agent.cs
Ikarus T3.1.1.3 03.18.2007 Trojan.Win32.Agent.CS
Kaspersky 4.0.2.24 03.18.2007 Trojan.Win32.Agent.cs
McAfee 4986 03.16.2007 no virus found
Microsoft 1.2306 03.18.2007 no virus found
NOD32v2 2125 03.18.2007 no virus found
Norman 5.80.02 03.16.2007 W32/Agent.BEDD
Panda 9.0.0.4 03.18.2007 Trj/Agent.EKN
Prevx1 V2 03.18.2007 no virus found
Sophos 4.15.0 03.13.2007 no virus found
Sunbelt 2.2.907.0 03.16.2007 no virus found
Symantec 10 03.18.2007 no virus found
TheHacker 6.1.6.076 03.15.2007 Trojan/Agent.cs
UNA 1.83 03.16.2007 Trojan.Win32.Agent.524A
VBA32 3.11.2 03.18.2007 no virus found
VirusBuster 4.3.7:9 03.18.2007 no virus found


Aditional Information
File size: 689172 bytes
MD5: 9467cab8bbaeb1b99c2cd2c4b390a594
SHA1: 0a03fb0ebc3e8459f9b90e1daa6365350ca6bb93

VirusTotal is a free service offered by Hispasec Sistemas. There are no guarantees about the availability and continuity of this service. Although the detection rate afforded by the use of multiple antivirus engines is far superior to that offered by just one product, these results DO NOT guarantee the harmlessness of a file. Currently, there is not any solution that offers a 100% effectiveness rate for detecting viruses and malware.

nochmal löschen oder avenger(bei avenger nur den pfad austauschen)

Logfile of HijackThis v1.99.1
Scan saved at 20:12:58, on 18.03.2007
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\MSN Messenger\msnmsgr.exe
C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\ICQLite\ICQLite.exe
C:\Dokumente und Einstellungen\JayJay\Lokale Einstellungen\Temp\Temporäres Verzeichnis 5 für hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer bereitgestellt von AOL
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: CIEPl Object - {02E60F0E-0497-4F6D-9214-39335A631A70} - C:\WINDOWS\system32\mcconfig.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [DllRunning] rundll32.exe "C:\WINDOWS\System32\meofrasu.dll",setvm
O4 - HKCU\..\Run: [msnmsgr] "C:\Programme\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -trayboot
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - h**p://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - h**p://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: mcconfig - mcconfig.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe
O23 - Service: ASUS Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

service pack downloaded.
jetzt bekomme beim öffnen der setup datei von service pack 2 folgende fehlermeldung:

c:/servicepack/WindowsXP-KB835935-SP2-DEU.exe ist keine zulässige Win32-Anwendung

was kann ich tun?